Privacy Policy

Effective April 2026

DropCharge is a voice-to-billing charge capture tool for physicians. Patient privacy is the foundation of how we built it. This policy explains what we collect, what we don't, and how your data is handled.

What We Collect

• Access code -- hashed and stored securely, never in plaintext
• Device ID -- used for device binding and authorization
• Push notification subscription -- if you enable reminders for subsequent-day billing
• Billing codes and encounter metadata -- for Tier 2 (Secure Link) and Tier 3 (Dashboard) plans only, stored server-side to generate secure links and populate the billing dashboard

What We Do NOT Collect

The following patient identifiers never leave your device and are never transmitted to our servers or any third party:

• Patient name
• Medical Record Number (MRN)
• Date of birth
• Date of service

When DropCharge sends the clinical description to AI for code extraction, only the patient's age is included -- calculated from the date of birth you entered, and capped at 90 per HIPAA Safe Harbor de-identification standards. The patient's actual date of birth is never sent.

PHI Protection

DropCharge uses a HIPAA Safe Harbor architecture. Patient identifiers are stripped before any data leaves the device via API. This means no Business Associate Agreement (BAA) is required with our AI provider for Tier 1.

• Tier 1 (Email) -- PHI is re-attached to the charge slip locally on your device before sending through your own Exchange account. Our servers never see it.
• Tier 2 (Secure Link) -- Charge slips are encrypted with AES-256 before storage. Secure links auto-delete after 72 hours.
• Tier 3 (Dashboard) -- BAA available. Full audit trail and access controls.

Real-time PHI detection runs during dictation. If a patient identifier appears in the transcript, DropCharge shows a warning and requires confirmation before any API call is made.

Email Delivery

For Tier 1, charge slips are sent through the physician's own Microsoft Exchange account via the Microsoft Graph API. DropCharge does not operate its own email servers.

Emails contain PHI (patient name, MRN, date of birth, date of service) because identifiers are re-attached locally on the device before the email is composed. The email travels through your organization's existing HIPAA-compliant email infrastructure.

Audio Transcription

Encounter descriptions are transcribed using Deepgram's speech-to-text service. The audio sent to Deepgram contains only the clinical narrative -- patient identifiers (name, MRN, DOB, DOS) are captured in separate fields and are not part of the audio stream sent for transcription.

Data Storage

On your device: encounter history, charge log (if enabled in settings), billing email preferences, and device settings. This data stays in your browser's local storage and is not synced to any server.

On our servers (Supabase): device registrations, push notification subscriptions, and reminder records. Reminder records include patient name and MRN so we can send you a useful push notification the next morning -- this is the only server-side storage of patient identifiers, and it is limited to reminder functionality.

We do not sell, rent, or share your data with any third party for marketing, advertising, or any purpose unrelated to providing the DropCharge service.

Third-Party Services

• Anthropic (Claude) -- AI billing code extraction. Receives patient age and clinical description only. No patient identifiers.
• Deepgram -- Audio transcription of encounter descriptions. No patient identifiers in the audio stream.
• Microsoft Graph -- Email sending through the physician's own organizational Exchange account.
• Vercel -- Application hosting and serverless functions.
• Supabase -- Database for device registrations, push subscriptions, and reminders.

Data Retention

On-device data persists until you clear your browser storage or uninstall the app. Secure links (Tier 2) auto-delete after 72 hours. Server-side reminder records are deleted after the reminder is sent. We do not retain encounter data beyond what is needed for active service delivery.

Cancellation & Refund Policy

All plans include a 30-day free trial with no credit card required.

• You may cancel your subscription at any time from your account settings or by contacting support@dropcharge.app.
• Cancellation takes effect at the end of your current billing period. You retain access until then.
• No refunds are issued for partial months.
• There are no cancellation fees.

Account Deletion

You may request full account deletion at any time by emailing support@dropcharge.app or by using the Delete Account option in the app's Settings.

Upon deletion:

• All server-side data (device registrations, push subscriptions, reminders) will be permanently deleted within 30 days.
• Your access code will be deactivated.
• Local data stored on your device (encounter history, settings, charge log) can be cleared by you at any time from Settings or by uninstalling the app.
• No data is retained after deletion. This action is irreversible.

Contact

Questions about this policy or how DropCharge handles your data:

privacy@dropcharge.app

For support or account issues: support@dropcharge.app

This policy was last updated in April 2026. We will notify active users of any material changes.